package org.ametys.plugins.core.impl.right;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.ametys.core.cache.AbstractCacheManager;
import org.ametys.core.cache.Cache;
import org.ametys.core.group.Group;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.group.GroupManager;
import org.ametys.core.right.AccessController;
import org.ametys.core.right.AccessExplanation;
import org.ametys.core.right.Profile;
import org.ametys.core.right.ProfileAssignmentStorage;
import org.ametys.core.right.ProfileAssignmentStorageExtensionPoint;
import org.ametys.core.right.RightManager;
import org.ametys.core.right.RightProfilesDAO;
import org.ametys.core.right.RightsException;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.core.impl.cache.AbstractCacheKey;
import org.ametys.plugins.core.schedule.Scheduler;
import org.ametys.runtime.i18n.I18nizableText;
import org.ametys.runtime.i18n.I18nizableTextParameter;
import org.ametys.runtime.plugin.component.AbstractLogEnabled;
import org.ametys.runtime.plugin.component.PluginAware;
import org.apache.avalon.framework.activity.Initializable;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.commons.collections.CollectionUtils;

/* loaded from: input_file:org/ametys/plugins/core/impl/right/AbstractProfileStorageBasedAccessController.class */
public abstract class AbstractProfileStorageBasedAccessController extends AbstractLogEnabled implements AccessController, Serviceable, Initializable, PluginAware {
    protected static final UserIdentity __ANONYMOUS_USER_IDENTITY = null;
    protected static final UserIdentity __ANY_CONTECTED_USER_IDENTITY = new UserIdentity(null, null);
    protected ProfileAssignmentStorageExtensionPoint _profileAssignmentStorageEP;
    protected RightProfilesDAO _rightProfileDAO;
    protected AbstractCacheManager _cacheManager;
    protected GroupManager _groupManager;
    private final String _cache1 = RightManager.ROLE + "$" + getClass().getName() + "$Cache-1";
    private final String _cache2 = RightManager.ROLE + "$" + getClass().getName() + "$Cache-2";
    private String _id;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/ametys/plugins/core/impl/right/AbstractProfileStorageBasedAccessController$Cache1Key.class */
    public static class Cache1Key extends AbstractCacheKey {
        Cache1Key(UserIdentity userIdentity, String str, Object obj) {
            super(userIdentity, str, obj);
        }

        static Cache1Key of(UserIdentity userIdentity, String str, Object obj) {
            return new Cache1Key(userIdentity, str, obj);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/ametys/plugins/core/impl/right/AbstractProfileStorageBasedAccessController$Cache2Key.class */
    public static class Cache2Key extends AbstractCacheKey {
        Cache2Key(Set<String> set, Object obj, CacheKind cacheKind) {
            super(set, obj, cacheKind);
        }

        static Cache2Key of(Set<String> set, Object obj, CacheKind cacheKind) {
            return new Cache2Key(set, obj, cacheKind);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/ametys/plugins/core/impl/right/AbstractProfileStorageBasedAccessController$CacheKind.class */
    public enum CacheKind {
        ANONYMOUS,
        ANY_CONNECTED_USER,
        USERS,
        USER,
        GROUPS
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/ametys/plugins/core/impl/right/AbstractProfileStorageBasedAccessController$PermissionDetails.class */
    public static class PermissionDetails {
        private AccessController.AccessResult _result;
        private Set<Profile> _profiles;
        private Object _object;
        private Set<Group> _groups;

        /* JADX INFO: Access modifiers changed from: package-private */
        public PermissionDetails(AccessController.AccessResult accessResult, Set<Profile> set, Set<Group> set2, Object obj) {
            this._result = accessResult;
            this._profiles = set;
            this._groups = set2;
            this._object = obj;
        }

        public AccessController.AccessResult getResult() {
            return this._result;
        }

        public Set<Profile> getProfiles() {
            return this._profiles;
        }

        public Object getObject() {
            return this._object;
        }

        public Set<Group> getGroups() {
            return this._groups;
        }
    }

    public void service(ServiceManager serviceManager) throws ServiceException {
        this._rightProfileDAO = (RightProfilesDAO) serviceManager.lookup(RightProfilesDAO.ROLE);
        this._profileAssignmentStorageEP = (ProfileAssignmentStorageExtensionPoint) serviceManager.lookup(ProfileAssignmentStorageExtensionPoint.ROLE);
        this._cacheManager = (AbstractCacheManager) serviceManager.lookup(AbstractCacheManager.ROLE);
        this._groupManager = (GroupManager) serviceManager.lookup(GroupManager.ROLE);
    }

    @Override // org.ametys.runtime.plugin.component.PluginAware
    public void setPluginInfo(String str, String str2, String str3) {
        this._id = str3;
    }

    public void initialize() throws Exception {
        if (!this._cacheManager.hasCache(this._cache1)) {
            this._cacheManager.createRequestCache(this._cache1, _buildI18n("PLUGINS_CORE_RIGHT_CACHE_1_LABEL"), _buildI18n("PLUGINS_CORE_RIGHT_CACHE_1_DESCRIPTION"), true);
        }
        if (this._cacheManager.hasCache(this._cache2)) {
            return;
        }
        this._cacheManager.createRequestCache(this._cache2, _buildI18n("PLUGINS_CORE_RIGHT_CACHE_2_LABEL"), _buildI18n("PLUGINS_CORE_RIGHT_CACHE_2_DESCRIPTION"), true);
    }

    private I18nizableText _buildI18n(String str) {
        return new I18nizableText("plugin.core", str, (Map<String, I18nizableTextParameter>) Map.of(Scheduler.KEY_RUNNABLE_ID, new I18nizableText(getClass().getSimpleName())));
    }

    @Override // org.ametys.core.right.AccessController
    public String getId() {
        return this._id;
    }

    public Map<String, AccessController.AccessResult> getPermissionByRight(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        HashMap hashMap = new HashMap();
        Map<String, AccessController.AccessResult> permissionsByProfile = this._profileAssignmentStorageEP.getPermissionsByProfile(userIdentity, set, _convertContext(obj));
        for (String str : permissionsByProfile.keySet()) {
            for (String str2 : this._rightProfileDAO.getRights(str)) {
                hashMap.put(str2, AccessController.AccessResult.merge(permissionsByProfile.get(str), (AccessController.AccessResult) hashMap.get(str2)));
            }
        }
        return hashMap;
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getPermission(UserIdentity userIdentity, Set<GroupIdentity> set, String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? AccessController.AccessResult.UNKNOWN : _getPermission(userIdentity, set, profilesWithRight, obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getReadAccessPermission(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        return _getPermission(userIdentity, set, Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessController.AccessResult _getPermission(UserIdentity userIdentity, Set<GroupIdentity> set, Set<String> set2, Object obj, Object obj2) {
        Map map = (Map) _hasRightResultInSecondCache(obj2, set2, CacheKind.USER);
        if (map != null && map.containsKey(userIdentity)) {
            return (AccessController.AccessResult) map.get(userIdentity);
        }
        AccessController.AccessResult merge = AccessController.AccessResult.merge(this._profileAssignmentStorageEP.getPermissions(userIdentity, set, set2, obj2).values());
        Map hashMap = map == null ? new HashMap() : map;
        hashMap.put(userIdentity, merge);
        _putInSecondCache(set2, obj2, hashMap, CacheKind.USER);
        return merge;
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getPermissionForAnonymous(String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? AccessController.AccessResult.UNKNOWN : _getPermissionForAnonymous(profilesWithRight, obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getReadAccessPermissionForAnonymous(Object obj) {
        return _getPermissionForAnonymous(Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessController.AccessResult _getPermissionForAnonymous(Set<String> set, Object obj, Object obj2) {
        AccessController.AccessResult accessResult = (AccessController.AccessResult) _hasRightResultInSecondCache(obj2, set, CacheKind.ANONYMOUS);
        if (accessResult != null) {
            return accessResult;
        }
        AccessController.AccessResult permissionForAnonymous = this._profileAssignmentStorageEP.getPermissionForAnonymous(set, obj2);
        _putInSecondCache(set, obj2, permissionForAnonymous, CacheKind.ANONYMOUS);
        return permissionForAnonymous;
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getPermissionForAnyConnectedUser(String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? AccessController.AccessResult.UNKNOWN : _getPermissionForAnyConnectedUser(profilesWithRight, obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getReadAccessPermissionForAnyConnectedUser(Object obj) {
        return _getPermissionForAnyConnectedUser(Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessController.AccessResult _getPermissionForAnyConnectedUser(Set<String> set, Object obj, Object obj2) {
        AccessController.AccessResult accessResult = (AccessController.AccessResult) _hasRightResultInSecondCache(obj2, set, CacheKind.ANY_CONNECTED_USER);
        if (accessResult != null) {
            return accessResult;
        }
        AccessController.AccessResult permissionForAnyConnectedUser = this._profileAssignmentStorageEP.getPermissionForAnyConnectedUser(set, obj2);
        _putInSecondCache(set, obj2, permissionForAnyConnectedUser, CacheKind.ANY_CONNECTED_USER);
        return permissionForAnyConnectedUser;
    }

    @Override // org.ametys.core.right.AccessController
    public Map<UserIdentity, AccessController.AccessResult> getPermissionByUser(String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? Collections.EMPTY_MAP : _getPermissionByUser(profilesWithRight, obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public Map<UserIdentity, AccessController.AccessResult> getReadAccessPermissionByUser(Object obj) {
        return _getPermissionByUser(Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<UserIdentity, AccessController.AccessResult> _getPermissionByUser(Set<String> set, Object obj, Object obj2) {
        Map<UserIdentity, AccessController.AccessResult> map = (Map) _hasRightResultInSecondCache(obj2, set, CacheKind.USERS);
        if (map != null) {
            return map;
        }
        Map<UserIdentity, AccessController.AccessResult> permissionsByUser = this._profileAssignmentStorageEP.getPermissionsByUser(set, obj2);
        _putInSecondCache(set, obj2, permissionsByUser, CacheKind.USERS);
        return permissionsByUser;
    }

    @Override // org.ametys.core.right.AccessController
    public Map<GroupIdentity, AccessController.AccessResult> getPermissionByGroup(String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? Collections.EMPTY_MAP : _getPermissionByGroup(profilesWithRight, obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public Map<GroupIdentity, AccessController.AccessResult> getReadAccessPermissionByGroup(Object obj) {
        return _getPermissionByGroup(Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<GroupIdentity, AccessController.AccessResult> _getPermissionByGroup(Set<String> set, Object obj, Object obj2) {
        Map<GroupIdentity, AccessController.AccessResult> map = (Map) _hasRightResultInSecondCache(obj2, set, CacheKind.GROUPS);
        if (map != null) {
            return map;
        }
        Map<GroupIdentity, AccessController.AccessResult> permissionsByGroup = this._profileAssignmentStorageEP.getPermissionsByGroup(set, obj2);
        _putInSecondCache(set, obj2, permissionsByGroup, CacheKind.GROUPS);
        return permissionsByGroup;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Object _convertContext(Object obj) {
        return obj;
    }

    protected Object _unconvertContext(Object obj) {
        return obj;
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> set) {
        return _hasAnonymousAnyPermissionOnWorkspace(set, Collections.singleton(RightManager.READER_PROFILE_ID));
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> set, String str) {
        return _hasAnonymousAnyPermissionOnWorkspace(set, this._rightProfileDAO.getProfilesWithRight(str));
    }

    private boolean _hasAnonymousAnyPermissionOnWorkspace(Set<Object> set, Set<String> set2) {
        Boolean _hasRightResultInFirstCache = _hasRightResultInFirstCache(__ANONYMOUS_USER_IDENTITY, set2, set);
        if (_hasRightResultInFirstCache != null) {
            return _hasRightResultInFirstCache.booleanValue();
        }
        Set<? extends Object> _convertWorkspaceToRootRightContexts = _convertWorkspaceToRootRightContexts(set);
        Set<String> set3 = set2;
        boolean z = false;
        if (CollectionUtils.isNotEmpty(_convertWorkspaceToRootRightContexts)) {
            Set<String> hasAnonymousAnyPermission = this._profileAssignmentStorageEP.hasAnonymousAnyPermission(_convertWorkspaceToRootRightContexts, set2);
            if (!hasAnonymousAnyPermission.isEmpty()) {
                z = true;
                set3 = hasAnonymousAnyPermission;
            }
        }
        _putInFirstCache(__ANONYMOUS_USER_IDENTITY, set3, set, z);
        return z;
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> set) {
        return _hasAnyConnectedUserAnyPermissionOnWorkspace(set, Collections.singleton(RightManager.READER_PROFILE_ID));
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> set, String str) {
        return _hasAnyConnectedUserAnyPermissionOnWorkspace(set, this._rightProfileDAO.getProfilesWithRight(str));
    }

    private boolean _hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> set, Set<String> set2) {
        Boolean _hasRightResultInFirstCache = _hasRightResultInFirstCache(__ANY_CONTECTED_USER_IDENTITY, set2, set);
        if (_hasRightResultInFirstCache != null) {
            return _hasRightResultInFirstCache.booleanValue();
        }
        Set<? extends Object> _convertWorkspaceToRootRightContexts = _convertWorkspaceToRootRightContexts(set);
        Set<String> set3 = set2;
        boolean z = false;
        if (CollectionUtils.isNotEmpty(_convertWorkspaceToRootRightContexts)) {
            Set<String> hasAnyConnectedUserAnyPermission = this._profileAssignmentStorageEP.hasAnyConnectedUserAnyPermission(_convertWorkspaceToRootRightContexts, set2);
            if (!hasAnyConnectedUserAnyPermission.isEmpty()) {
                z = true;
                set3 = hasAnyConnectedUserAnyPermission;
            }
        }
        _putInFirstCache(__ANY_CONTECTED_USER_IDENTITY, set3, set, z);
        return z;
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2) {
        return _hasUserAnyPermissionOnWorkspace(set, userIdentity, set2, Collections.singleton(RightManager.READER_PROFILE_ID));
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2, String str) {
        return _hasUserAnyPermissionOnWorkspace(set, userIdentity, set2, this._rightProfileDAO.getProfilesWithRight(str));
    }

    private boolean _hasUserAnyPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2, Set<String> set3) {
        Boolean _hasRightResultInFirstCache = _hasRightResultInFirstCache(userIdentity, set3, set);
        if (_hasRightResultInFirstCache != null) {
            return _hasRightResultInFirstCache.booleanValue();
        }
        Set<? extends Object> _convertWorkspaceToRootRightContexts = _convertWorkspaceToRootRightContexts(set);
        Set<String> set4 = set3;
        boolean z = false;
        if (CollectionUtils.isNotEmpty(_convertWorkspaceToRootRightContexts)) {
            Set<String> hasUserAnyPermission = this._profileAssignmentStorageEP.hasUserAnyPermission(_convertWorkspaceToRootRightContexts, userIdentity, set2, set3);
            if (!hasUserAnyPermission.isEmpty()) {
                z = true;
                set4 = hasUserAnyPermission;
            }
        }
        _putInFirstCache(userIdentity, set4, set, z);
        return z;
    }

    protected abstract Set<? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> set);

    protected Boolean _hasRightResultInFirstCache(UserIdentity userIdentity, Set<String> set, Object obj) {
        if (set == null || set.isEmpty()) {
            return false;
        }
        Cache cache = this._cacheManager.get(this._cache1);
        if (cache != null) {
            int i = 0;
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                Cache1Key of = Cache1Key.of(userIdentity, it.next(), obj);
                if (cache.hasKey(of)) {
                    if (((Boolean) cache.get(of)).booleanValue()) {
                        getLogger().debug("Find entry in cache for [{}, {}, {}] => true", new Object[]{userIdentity, set, obj});
                        return true;
                    }
                    i++;
                }
            }
            if (i == set.size()) {
                return false;
            }
        }
        getLogger().debug("Did not find entry in cache for [{}, {}, {}]", new Object[]{userIdentity, set, obj});
        return null;
    }

    protected void _putInFirstCache(UserIdentity userIdentity, Set<String> set, Object obj, boolean z) {
        Cache cache = this._cacheManager.get(this._cache1);
        if (cache != null) {
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                cache.put(Cache1Key.of(userIdentity, it.next(), obj), Boolean.valueOf(z));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Object _hasRightResultInSecondCache(Object obj, Set<String> set, CacheKind cacheKind) {
        Object obj2 = this._cacheManager.get(this._cache2).get(Cache2Key.of(set, obj, cacheKind));
        if (obj2 != null) {
            getLogger().debug("Find entry in cache for [{}, {}, {}] => {}", new Object[]{set, obj, cacheKind, obj2});
            return obj2;
        }
        getLogger().debug("Did not find entry in cache for [{}, {}, {}]", new Object[]{set, obj, cacheKind});
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void _putInSecondCache(Set<String> set, Object obj, Object obj2, CacheKind cacheKind) {
        Cache cache = this._cacheManager.get(this._cache2);
        if (cache != null) {
            cache.put(Cache2Key.of(set, obj, cacheKind), obj2);
        }
    }

    @Override // org.ametys.core.right.AccessController
    public AccessExplanation explainReadAccessPermission(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        return _explainPermission(userIdentity, set, Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public AccessExplanation explainPermission(UserIdentity userIdentity, Set<GroupIdentity> set, String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? _buildExplanation(new PermissionDetails(AccessController.AccessResult.UNKNOWN, Set.of(), Set.of(), obj)) : _explainPermission(userIdentity, set, profilesWithRight, obj, _convertContext(obj));
    }

    protected AccessExplanation _explainPermission(UserIdentity userIdentity, Set<GroupIdentity> set, Set<String> set2, Object obj, Object obj2) {
        return _buildExplanation(_getPermissionDetails(userIdentity, set, set2, obj, obj2));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v25, types: [java.util.Set] */
    public PermissionDetails _getPermissionDetails(UserIdentity userIdentity, Set<GroupIdentity> set, Set<String> set2, Object obj, Object obj2) {
        Map<String, AccessController.AccessResult> permissions = this._profileAssignmentStorageEP.getPermissions(userIdentity, set, set2, obj2);
        AccessController.AccessResult merge = AccessController.AccessResult.merge(permissions.values());
        if (merge == AccessController.AccessResult.UNKNOWN) {
            return new PermissionDetails(merge, Set.of(), Set.of(), obj);
        }
        Set set3 = (Set) permissions.entrySet().stream().filter(entry -> {
            return entry.getValue() == merge;
        }).map(entry2 -> {
            return this._rightProfileDAO.getProfile((String) entry2.getKey());
        }).collect(Collectors.toSet());
        HashSet hashSet = new HashSet();
        if (merge == AccessController.AccessResult.GROUP_ALLOWED || merge == AccessController.AccessResult.GROUP_DENIED) {
            hashSet = (Set) this._profileAssignmentStorageEP.getPermissionsByGroup(set2, obj2).entrySet().stream().filter(entry3 -> {
                return entry3.getValue() == merge;
            }).map(entry4 -> {
                return this._groupManager.getGroup((GroupIdentity) entry4.getKey());
            }).collect(Collectors.toSet());
        }
        return new PermissionDetails(merge, set3, hashSet, obj);
    }

    protected AccessExplanation _buildExplanation(PermissionDetails permissionDetails) {
        try {
            return new AccessExplanation(getId(), permissionDetails.getResult(), _getExplanationI18nText(permissionDetails));
        } catch (RightsException e) {
            getLogger().warn("An error occured while building explanation for context {}", permissionDetails.getObject(), e);
            return AccessController.getDefaultAccessExplanation(getId(), permissionDetails.getResult());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public I18nizableText _getExplanationI18nText(PermissionDetails permissionDetails) {
        return new I18nizableText("plugin.core-impl", _getAccessExplanationI18nKey("PLUGINS_CORE_PROFILE_STORAGE_ACCESS_CONTROLLER_", permissionDetails), _getExplanationI18nParams(permissionDetails));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String _getAccessExplanationI18nKey(String str, PermissionDetails permissionDetails) {
        StringBuilder append = new StringBuilder(str).append(permissionDetails.getResult().name()).append("_EXPLANATION");
        if (permissionDetails.getProfiles().size() > 1) {
            append.append("_MULTIPLE_PROFILES");
        }
        if (permissionDetails.getGroups().size() > 1) {
            append.append("_MULTIPLE_GROUPS");
        }
        return append.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, I18nizableTextParameter> _getExplanationI18nParams(PermissionDetails permissionDetails) {
        HashMap hashMap = new HashMap();
        hashMap.put("objectLabel", getObjectLabelForExplanation(permissionDetails.getObject()));
        Set<Group> groups = permissionDetails.getGroups();
        if (!groups.isEmpty()) {
            hashMap.put("groups", AccessExplanation.groupsToI18nizableText(groups));
        }
        Set<Profile> profiles = permissionDetails.getProfiles();
        if (!profiles.isEmpty()) {
            hashMap.put("profiles", AccessExplanation.profilesToI18nizableText(profiles));
        }
        return hashMap;
    }

    protected I18nizableText getObjectLabelForExplanation(Object obj) throws RightsException {
        return getObjectLabel(obj);
    }

    @Override // org.ametys.core.right.AccessController
    public AccessExplanation explainReadAccessPermissionForAnyConnectedUser(Object obj) {
        return _explainPermissionForAnyConnectedUser(Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public AccessExplanation explainPermissionForAnyConnectedUser(String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? _buildExplanation(new PermissionDetails(AccessController.AccessResult.UNKNOWN, Set.of(), Set.of(), obj)) : _explainPermissionForAnyConnectedUser(profilesWithRight, obj, _convertContext(obj));
    }

    protected AccessExplanation _explainPermissionForAnyConnectedUser(Set<String> set, Object obj, Object obj2) {
        return _buildExplanation(_getPermissionDetailsForAnyConnectedUser(set, obj, obj2));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PermissionDetails _getPermissionDetailsForAnyConnectedUser(Set<String> set, Object obj, Object obj2) {
        AccessController.AccessResult permissionForAnyConnectedUser = this._profileAssignmentStorageEP.getPermissionForAnyConnectedUser(set, obj2);
        if (permissionForAnyConnectedUser == AccessController.AccessResult.UNKNOWN) {
            return new PermissionDetails(permissionForAnyConnectedUser, Set.of(), Set.of(), obj);
        }
        Stream<String> filter = this._profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(obj2).get(permissionForAnyConnectedUser == AccessController.AccessResult.ANY_CONNECTED_ALLOWED ? ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_ALLOWED : ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_DENIED).stream().filter(str -> {
            return set.contains(str);
        });
        RightProfilesDAO rightProfilesDAO = this._rightProfileDAO;
        Objects.requireNonNull(rightProfilesDAO);
        return new PermissionDetails(permissionForAnyConnectedUser, (Set) filter.map(rightProfilesDAO::getProfile).collect(Collectors.toSet()), Set.of(), obj);
    }

    @Override // org.ametys.core.right.AccessController
    public AccessExplanation explainReadAccessPermissionForAnonymous(Object obj) {
        return _explainPermissionForAnonymous(Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public AccessExplanation explainPermissionForAnonymous(String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? _buildExplanation(new PermissionDetails(AccessController.AccessResult.UNKNOWN, Set.of(), Set.of(), obj)) : _explainPermissionForAnonymous(profilesWithRight, obj, _convertContext(obj));
    }

    protected AccessExplanation _explainPermissionForAnonymous(Set<String> set, Object obj, Object obj2) {
        return _buildExplanation(_getPermissionDetailsForAnonymous(set, obj, obj2));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PermissionDetails _getPermissionDetailsForAnonymous(Set<String> set, Object obj, Object obj2) {
        AccessController.AccessResult permissionForAnonymous = this._profileAssignmentStorageEP.getPermissionForAnonymous(set, obj2);
        if (permissionForAnonymous == AccessController.AccessResult.UNKNOWN) {
            return new PermissionDetails(permissionForAnonymous, Set.of(), Set.of(), obj);
        }
        Stream filter = ((Set) Optional.ofNullable(this._profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(obj2).get(permissionForAnonymous == AccessController.AccessResult.ANONYMOUS_DENIED ? ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANONYMOUS_DENIED : ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANONYMOUS_ALLOWED)).orElse(Set.of())).stream().filter(str -> {
            return set.contains(str);
        });
        RightProfilesDAO rightProfilesDAO = this._rightProfileDAO;
        Objects.requireNonNull(rightProfilesDAO);
        return new PermissionDetails(permissionForAnonymous, (Set) filter.map(rightProfilesDAO::getProfile).collect(Collectors.toSet()), Set.of(), obj);
    }

    @Override // org.ametys.core.right.AccessController
    public Map<AccessController.ExplanationObject, Map<AccessController.Permission, AccessExplanation>> explainAllPermissions(UserIdentity userIdentity, Set<GroupIdentity> set) {
        String str;
        Profile profile;
        Map<Object, Map<ProfileAssignmentStorageExtensionPoint.AccessResultInfo, Set<String>>> allPermissions = this._profileAssignmentStorageEP.getAllPermissions(userIdentity, set);
        HashMap hashMap = new HashMap();
        for (Object obj : allPermissions.keySet()) {
            try {
                if (_isSupportedStoredContext(obj)) {
                    Object _unconvertContext = _unconvertContext(obj);
                    HashMap hashMap2 = new HashMap();
                    for (Map.Entry<ProfileAssignmentStorageExtensionPoint.AccessResultInfo, Set<String>> entry : allPermissions.get(obj).entrySet()) {
                        Iterator<String> it = entry.getValue().iterator();
                        while (it.hasNext()) {
                            ((List) hashMap2.computeIfAbsent(it.next(), str2 -> {
                                return new ArrayList();
                            })).add(entry.getKey());
                        }
                    }
                    HashMap hashMap3 = new HashMap();
                    for (Map.Entry entry2 : hashMap2.entrySet()) {
                        AccessController.AccessResult merge = AccessController.AccessResult.merge(((List) entry2.getValue()).stream().map((v0) -> {
                            return v0.accessResult();
                        }).toList());
                        if (merge != AccessController.AccessResult.UNKNOWN && (profile = this._rightProfileDAO.getProfile((str = (String) entry2.getKey()))) != null) {
                            Set of = Set.of();
                            if (merge == AccessController.AccessResult.GROUP_ALLOWED || merge == AccessController.AccessResult.GROUP_DENIED) {
                                of = (Set) ((List) entry2.getValue()).stream().filter(accessResultInfo -> {
                                    return accessResultInfo.accessResult() == merge;
                                }).map(accessResultInfo2 -> {
                                    return this._groupManager.getGroup((GroupIdentity) accessResultInfo2.target());
                                }).collect(Collectors.toSet());
                            }
                            hashMap3.put(RightManager.READER_PROFILE_ID.equals(str) ? new AccessController.Permission(AccessController.Permission.PermissionType.READ, null) : new AccessController.Permission(AccessController.Permission.PermissionType.PROFILE, str), _buildExplanation(new PermissionDetails(merge, Set.of(profile), of, _unconvertContext)));
                        }
                    }
                    hashMap.put(getExplanationObject(_unconvertContext), hashMap3);
                }
            } catch (RightsException e) {
                getLogger().warn("An error occured while retrieving the explanation object for stored object '{}' of controller '{}'. The context will be ignored for this controller", new Object[]{obj.toString(), getId(), e});
            }
        }
        return hashMap;
    }

    @Override // org.ametys.core.right.AccessController
    public Map<AccessController.Permission, AccessExplanation> explainAllPermissionsForAnonymous(Object obj) {
        return (Map) _getAllPermissionsDetailsForAnonymous(obj, _convertContext(obj)).entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return _buildExplanation((PermissionDetails) entry.getValue());
        }));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<AccessController.Permission, PermissionDetails> _getAllPermissionsDetailsForAnonymous(Object obj, Object obj2) {
        HashMap hashMap = new HashMap();
        Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys, Set<String>> profilesForAnonymousAndAnyConnectedUser = this._profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(obj2);
        Set<String> set = profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANONYMOUS_DENIED);
        if (set != null) {
            for (String str : set) {
                Profile profile = this._rightProfileDAO.getProfile(str);
                if (profile != null) {
                    hashMap.put(str.equals(RightManager.READER_PROFILE_ID) ? new AccessController.Permission(AccessController.Permission.PermissionType.READ, null) : new AccessController.Permission(AccessController.Permission.PermissionType.PROFILE, str), new PermissionDetails(AccessController.AccessResult.ANONYMOUS_DENIED, Set.of(profile), Set.of(), obj));
                }
            }
        }
        Set<String> set2 = profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANONYMOUS_ALLOWED);
        if (set2 != null) {
            for (String str2 : set2) {
                Profile profile2 = this._rightProfileDAO.getProfile(str2);
                if (profile2 != null) {
                    hashMap.put(str2.equals(RightManager.READER_PROFILE_ID) ? new AccessController.Permission(AccessController.Permission.PermissionType.READ, null) : new AccessController.Permission(AccessController.Permission.PermissionType.PROFILE, str2), new PermissionDetails(AccessController.AccessResult.ANONYMOUS_ALLOWED, Set.of(profile2), Set.of(), obj));
                }
            }
        }
        return hashMap;
    }

    @Override // org.ametys.core.right.AccessController
    public Map<AccessController.Permission, AccessExplanation> explainAllPermissionsForAnyConnected(Object obj) {
        return (Map) _getAllPermissionsDetailsForAnyConnected(obj, _convertContext(obj)).entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return _buildExplanation((PermissionDetails) entry.getValue());
        }));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<AccessController.Permission, PermissionDetails> _getAllPermissionsDetailsForAnyConnected(Object obj, Object obj2) {
        HashMap hashMap = new HashMap();
        Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys, Set<String>> profilesForAnonymousAndAnyConnectedUser = this._profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(obj2);
        Set<String> set = profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_ALLOWED);
        if (set != null) {
            for (String str : set) {
                Profile profile = this._rightProfileDAO.getProfile(str);
                if (profile != null) {
                    hashMap.put(str.equals(RightManager.READER_PROFILE_ID) ? new AccessController.Permission(AccessController.Permission.PermissionType.READ, null) : new AccessController.Permission(AccessController.Permission.PermissionType.PROFILE, str), new PermissionDetails(AccessController.AccessResult.ANY_CONNECTED_ALLOWED, Set.of(profile), Set.of(), obj));
                }
            }
        }
        Set<String> set2 = profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_DENIED);
        if (set2 != null) {
            for (String str2 : set2) {
                Profile profile2 = this._rightProfileDAO.getProfile(str2);
                if (profile2 != null) {
                    hashMap.put(str2.equals(RightManager.READER_PROFILE_ID) ? new AccessController.Permission(AccessController.Permission.PermissionType.READ, null) : new AccessController.Permission(AccessController.Permission.PermissionType.PROFILE, str2), new PermissionDetails(AccessController.AccessResult.ANY_CONNECTED_DENIED, Set.of(profile2), Set.of(), obj));
                }
            }
        }
        return hashMap;
    }

    @Override // org.ametys.core.right.AccessController
    public Map<UserIdentity, Map<AccessController.Permission, AccessExplanation>> explainAllPermissionsByUser(Object obj) {
        Map<UserIdentity, Map<AccessController.Permission, PermissionDetails>> _getAllPermissionsDetailsByUser = _getAllPermissionsDetailsByUser(obj, _convertContext(obj));
        HashMap hashMap = new HashMap(_getAllPermissionsDetailsByUser.size());
        for (UserIdentity userIdentity : _getAllPermissionsDetailsByUser.keySet()) {
            hashMap.put(userIdentity, (Map) _getAllPermissionsDetailsByUser.get(userIdentity).entrySet().stream().collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, entry -> {
                return _buildExplanation((PermissionDetails) entry.getValue());
            })));
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<UserIdentity, Map<AccessController.Permission, PermissionDetails>> _getAllPermissionsDetailsByUser(Object obj, Object obj2) {
        HashMap hashMap = new HashMap();
        Map<UserIdentity, Map<ProfileAssignmentStorage.UserOrGroup, Set<String>>> profilesForUsers = this._profileAssignmentStorageEP.getProfilesForUsers(obj2, null);
        for (UserIdentity userIdentity : profilesForUsers.keySet()) {
            Map<ProfileAssignmentStorage.UserOrGroup, Set<String>> map = profilesForUsers.get(userIdentity);
            HashMap hashMap2 = new HashMap();
            Set<String> set = map.get(ProfileAssignmentStorage.UserOrGroup.ALLOWED);
            if (set != null) {
                for (String str : set) {
                    Profile profile = this._rightProfileDAO.getProfile(str);
                    if (profile != null) {
                        hashMap2.put(str.equals(RightManager.READER_PROFILE_ID) ? new AccessController.Permission(AccessController.Permission.PermissionType.READ, null) : new AccessController.Permission(AccessController.Permission.PermissionType.PROFILE, str), new PermissionDetails(AccessController.AccessResult.USER_ALLOWED, Set.of(profile), Set.of(), obj));
                    }
                }
            }
            Set<String> set2 = map.get(ProfileAssignmentStorage.UserOrGroup.DENIED);
            if (set2 != null) {
                for (String str2 : set2) {
                    Profile profile2 = this._rightProfileDAO.getProfile(str2);
                    if (profile2 != null) {
                        hashMap2.put(str2.equals(RightManager.READER_PROFILE_ID) ? new AccessController.Permission(AccessController.Permission.PermissionType.READ, null) : new AccessController.Permission(AccessController.Permission.PermissionType.PROFILE, str2), new PermissionDetails(AccessController.AccessResult.USER_DENIED, Set.of(profile2), Set.of(), obj));
                    }
                }
            }
            hashMap.put(userIdentity, hashMap2);
        }
        return hashMap;
    }

    @Override // org.ametys.core.right.AccessController
    public Map<GroupIdentity, Map<AccessController.Permission, AccessExplanation>> explainAllPermissionsByGroup(Object obj) {
        Map<GroupIdentity, Map<AccessController.Permission, PermissionDetails>> _getAllPermissionsDetailsByGroup = _getAllPermissionsDetailsByGroup(obj, _convertContext(obj));
        HashMap hashMap = new HashMap(_getAllPermissionsDetailsByGroup.size());
        for (GroupIdentity groupIdentity : _getAllPermissionsDetailsByGroup.keySet()) {
            hashMap.put(groupIdentity, (Map) _getAllPermissionsDetailsByGroup.get(groupIdentity).entrySet().stream().collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, entry -> {
                return _buildExplanation((PermissionDetails) entry.getValue());
            })));
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<GroupIdentity, Map<AccessController.Permission, PermissionDetails>> _getAllPermissionsDetailsByGroup(Object obj, Object obj2) {
        HashMap hashMap = new HashMap();
        Map<GroupIdentity, Map<ProfileAssignmentStorage.UserOrGroup, Set<String>>> profilesForGroups = this._profileAssignmentStorageEP.getProfilesForGroups(obj2, null);
        for (GroupIdentity groupIdentity : profilesForGroups.keySet()) {
            Map<ProfileAssignmentStorage.UserOrGroup, Set<String>> map = profilesForGroups.get(groupIdentity);
            HashMap hashMap2 = new HashMap();
            Set<String> set = map.get(ProfileAssignmentStorage.UserOrGroup.ALLOWED);
            if (set != null) {
                for (String str : set) {
                    Profile profile = this._rightProfileDAO.getProfile(str);
                    if (profile != null) {
                        hashMap2.put(str.equals(RightManager.READER_PROFILE_ID) ? new AccessController.Permission(AccessController.Permission.PermissionType.READ, null) : new AccessController.Permission(AccessController.Permission.PermissionType.PROFILE, str), new PermissionDetails(AccessController.AccessResult.GROUP_ALLOWED, Set.of(profile), Set.of(), obj));
                    }
                }
            }
            Set<String> set2 = map.get(ProfileAssignmentStorage.UserOrGroup.DENIED);
            if (set2 != null) {
                for (String str2 : set2) {
                    Profile profile2 = this._rightProfileDAO.getProfile(str2);
                    if (profile2 != null) {
                        hashMap2.put(str2.equals(RightManager.READER_PROFILE_ID) ? new AccessController.Permission(AccessController.Permission.PermissionType.READ, null) : new AccessController.Permission(AccessController.Permission.PermissionType.PROFILE, str2), new PermissionDetails(AccessController.AccessResult.GROUP_DENIED, Set.of(profile2), Set.of(), obj));
                    }
                }
            }
            hashMap.put(groupIdentity, hashMap2);
        }
        return hashMap;
    }

    protected boolean _isSupportedStoredContext(Object obj) {
        return isSupported(obj);
    }
}
